gitweb.dragonflybsd.org Git

Merge bearssl-20220418

Main change is a callback for checking validity period of certificates.

Merge commit 'f6acb9b9f81c96ae7c9592bee1bb89c4357cc3e5'

Add -DHAVE_BR_X509_TIME_CHECK to libsecureboot/Makefile.inc

arm ti_mbox_attach: Write sysconfig to TI_MBOX_SYSCONFIG to request reset.

This variable was flagged as a set but unused warning as its value was
read from a register and then modified to set a bit
(TI_MBOX_SYSCONFIG_SOFTRST). After the variable is modified, the code
then loops waiting for the SOFTRST bit to go clear in the
TI_MBOX_SYSCONFIG register. Presumably merely reading from the
register does not request a reset as other places in the driver read
this register, so most likely the updated value of sysconfig setting
the reset bit is supposed to be written to the register to request a
reset before the polling loop that waits for the reset to finish.

Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D34856

machine/in_cksum.h: don't include sys/cdefs.h

All consumers already do it and it was required on amd64 and i386
until recently (1c1bf5bd7c1e479a7889839b941f53e689aa2569).

Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D34932

Update libsecureboot

Preparation for updating bearssl, pull in updates to libsecureboot.

o fix handling of some out-of-memory cases

o allow more control over reporting of Verified/Unverified files.
  this helps boot time when console output is slow

  o recheck verbose/debug level after reading any unverified file

o more debug support for vectx

o hash_string to support fake stat for tftp

o tests/tvo add -v to simply verify signatures

o vets.c allow for HAVE_BR_X509_TIME_CHECK which will greatly simplify
  verification in loader

o report date when certificate fails validity period checks

Reviewed by: stevek
Sponsored by: Juniper Networks, Inc.

cxgbei: Return limits for the specific adapter the socket is on.

Reviewed by: mav
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D34929

iscsi: Fetch limits based on a socket rather than assuming global limits.

cxgbei needs the ability to return different limits based on the
connection (e.g. if the connection is over a T5 adapter or a T6
adapter as well as factoring in the MTU).

This change plumbs through the changes in the ioctls without changing
any of the backends.  The limits callback passed to icl_register now
accepts a second socket argument which holds the integer file
descriptor.  To support ABI compatiblity for old binaries, the
callback should return "global" values if the socket fd is zero.

The CTL_ISCSI_LIMITS argument used with CTL_ISCSI by ctld(8) now
accepts the socket fd in a field that was previously part of a
reserved spare field.  Old binaries zero this request which results in
passing a socket fd of 0 to the limits callback.

The ISCSIDREQUEST ioctl no longer returns limits.  Instead, iscsid(8)
invokes a new ISCSIDLIMITS ioctl after establishing the connection via
connect(2).  For ABI compat, if the old ISCSIDREQUEST is invoked, the
global limits are still fetched (with a socket fd of 0) and returned.

Reviewed by: mav
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D34928

iscsid: Push #ifdef ICL_KERNEL_PROXY into cap_ioctl_limits list.

This reduces duplication in the two lists and makes it clearer which
ioctls are needed in the ICL_KERNEL_PROXY case.

Reviewed by: mav
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D34927

linuxkpi_ieee80211_tx_status: Mark ridx as unused.

__diagused only squelches warnings for variables used under
INVARIANTS, it does not apply to custom debug knobs like
LINUXKPI_DEBUG_80211. Use __unused instead.

as3722_gpio_pin_setflags: Use computed mode instead of hardcoded PUSHPULL.

Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D34855

qoriq_gpio_pin_setflags: Propagate error from qoriq_gpio_pin_configure.

Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D34854

uhid_snes: Remove USB_ST_TRANSFERRED handling for the status request.

The result of the request computed in new_status was never returned to
the caller leaving new_status as a set-but-unused variable. Removing
new_status leaves sc->previous_status as a write-only variable.
Removing sc->previous_status leaves current_status as a write-only
variable, so it collapses down to removing the entire
USB_ST_TRANSFERRED case.

Arguably, all of the support for UHID_SNES_STATUS_DT_RD should be
removed as it doesn't return anything to the caller. If the request
should be fixed instead then this commit should be reverted and
new_status should be returned to whoever submitted the request.

Differential Revision: https://reviews.freebsd.org/D34840

powerpc cpu_idle_60x: Move some variables fully under #ifdef AIM.

Reviewed by: jhibbits
Differential Revision: https://reviews.freebsd.org/D34905

powerpc booke cpu_machine_check: Remove unused variable.

Reviewed by: jhibbits
Differential Revision: https://reviews.freebsd.org/D34902

powerpc cpu_idle_booke: Move read of mfmsr under #ifdef BOOKE_E500.

Reviewed by: jhibbits
Differential Revision: https://reviews.freebsd.org/D34891

ata_kauai: Fix support for "shasta" controllers.

The probe routine was setting a value in the softc, but since the
probe routine was not returning zero, this value was lost since the
softc was reallocated (and re-zeroed) when the device was attached.
This is similar in nature to the fixes from
965205eb66cae3fd5de75a70a3aef2f014f98020.

To fix, move the code to set the 'shasta' flag to the start of attach
along with related code to set an IRQ resource on some non-shasta
devices. The IRQ resource still "worked" being in the probe routine
as the IRQ resource persisted after probe returned, but it is cleaner
to go ahead and move it to attach after setting the 'shasta' flag.

I have no way to test this, but noticed this while reading the code.

Reviewed by: jhibbits
Differential Revision: https://reviews.freebsd.org/D34888

vm_phys_init: Quiet unused but set warnings about npages.

npages is used in two optional cases:

- to conditionally create a separate DMA32 free list

- to index vm_page_array for VM_PHYSSEG_SPARSE

Add in more #ifdef's around npages statements.

Reviewed by: alc, markj
Differential Revision: https://reviews.freebsd.org/D34887

destroy_dev_sched*: Don't hold Giant for all deferred destroy_dev.

Rather than using taskqueue_swi_giant which holds Giant for all
deferred destroy_dev calls, create a separate queue for destroyed
devices with D_NEEDGIANT set in the corresponding cdevsw. The task
for this queue holds Giant whild destroying deferred devices while the
task for the default queue does not hold Giant.

In addition, switch to taskqueue_thread for destroy_dev_sched.
Deferred destroy_dev requests don't need to run at an SWI priority.

Reviewed by: imp, markj
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D34915

Vendor import of BearSSL at 2022-04-18 hash d40d23b

ping: split the visual part of -f into a new option -.

After this, we'll be able to ping a host and not spam the terminal, and
no flooding will have to be involved. I've been doing this under Linux
as ping -fi1 host.

Reviewed by: rpokala, Pau Amma
Differential Revision: https://reviews.freebsd.org/D34882

savecore: add an option to save a live minidump

The new '-L' flag will cause savecore to invoke the new mem(4) kernel
dump ioctl, taking a dump of the running system and writing the result
to a temporary file. Validation of the dump header is performed, similar
to regular crash dumps, and the final result is written to
livecore.X[.zst|.gz].

Also added is the '-Z' flag, which instructs the kernel to compress the
livedump compressed with zstd, akin to the existing -z flag. This option
has no effect in normal savecore(8) operation, but in theory could be
extended to perform such compression while reading the dump from the
dump device.

Encryption is unsupported for live dumps.

For example: 'savecore -Lz /var/crash' would create:
/var/crash/livecore.0.gz

Reviewed by: markj
MFC after: 2 weeks
Sponsored by: Juniper Networks, Inc.
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D34347

savecore: factor out info file handling

Move it to a separate function, allowing its reuse.

Reviewed by: markj
MFC after: 3 days
Sponsored by: Juniper Networks, Inc.
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D34822

savecore: decrease filename buffer sizes

All files are now created relative to savedirfd, e.g. with openat(2).
Therefore, we do not need character buffers to be PATH_MAX bytes long,
just long enough to hold the complete filename. 32 bytes is long enough
in all cases. These can be allocated on the stack.

While here, fix an error message that attempts to use an uninitialized
infoname.

Reviewed by: markj
MFC after: 3 days
Sponsored by: Juniper Networks, Inc.
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D34821

savecore: fold maxdumps check into getbounds()

So that new callers of getbounds() don't need to duplicate it.

Reviewed by: markj
MFC after: 3 days
Sponsored by: Juniper Networks, Inc.
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D34783

path_test: Correct the kevent test

Perhaps surprisingly, and contrary to the expectations of
path_test:path_event, NOTE_LINK events are not raised when a file is
unlinked.  Prior to commit bf13db086b84, the test happened to work
because unlinking the file would cause the vnode to be recycled, and
EVFILT_VNODE knotes deliver an event with EV_EOF set when the vnode is
doomed.  Since the test did not verify the note type, the test
succeeded.  After commit bf13db086b84, the vnode is not recycled after
being unlinked and so the test hangs.

Fix the test by waiting for NOTE_DELETE instead, and check that we got
the note that we expected.

Reported by: Jenkins
MFC after: 3 days
Sponsored by: The FreeBSD Foundation

Add the base64 command using b64encode and b64decode

Various scripts expect the base64 command to be present. We've had the
code and it's been exposed as b64encode/b64decode, but it wasn't widely
known under these names and the syntax is much different.

Reviewed by: delphij
Differential Revision: https://reviews.freebsd.org/D32945

b64encode: implement -w to wrap lines

This functionality is present in GNU base64 and I find it useful when
I want to generate random, ASCII-clean data of specific width.

Reviewed by: delphij
Differential Revision: https://reviews.freebsd.org/D32944

bintrans: reinstate a test case that I lost

Reported by: https://ci.freebsd.org/job/FreeBSD-main-amd64-test/21166

bintrans: move files to a new directory

And reflect the change in various places.

Modularize uuencode and uudecode by wrapping them in bintrans.c

The program will be installed as bintrans, uuencode, uudecode,
b64encode, and b64decode and will be responsible for running the coders
according to their historical behavior.

Additionally, bintrans will be able to take a parameter designating
the coder and accept all its options in this form:
bintrans <coder> [options]
and the behavior should be the same as if
<coder> [options]
was invoked.
This has the advantage that adding coders won't require installing them
as binaries.

Move uudecode files to uuencode since the latter is the one that
provides the manual page.

Reviewed by: delphij (previous version)
Differential Revision: https://reviews.freebsd.org/D32943

ssh-agent: move -x description to correct spot in man page

MFC after: 3 days
Sponsored by: The FreeBSD Foundation

contrib/bc: import version 5.2.4

This update fixes an issue in input line editing: when going left to
the start of the line, the cursor would jump to the end of the line
instead.

Merge commit 'bc75dcc4ce682562390fa32e7cd63c08160e21b9'

vendor/bc: import version 5.2.4

This update fixes an issue in input line editing: when going left to
the start of the line, the cursor would jump to the end of the line
instead.

sctp: cleanup

MFC after: 3 days

sctp: fix typo introcuded in last commit

MFC after: 3 days

sctp: don't wakeup 1-to-1 listening sockets for data or notifications

Reported by: syzbot+ec9279d306a4ff0215f8@syzkaller.appspotmail.com
Reported by: syzbot+31d54f6d486333493dd4@syzkaller.appspotmail.com
MFC after: 3 days

Added a test to the exclude list

stress2: Added a regression test

nfscl: Clean up the code by removing unused arguments

The "void *stuff" (also called fstuff and dstuff) argument
was used by the Mac OSX port. For FreeBSD, this argument
is always NULL, so remove it to clean up the code.

This commit gets rid of "stuff" for assorted functions
local to nfs_clrpcops.c.
Future commits will do the same for other functions.

nvme: Use controller's page size instead of PAGE_SIZE to create qpair

When constructing qpair, use the controller's notion of page size rather
than the host's PAGE_SIZE. Currently, these are both 4k, but the arm 16k
page size support requires decoupling.

There's a "hidden" PAGE_SIZE in btoc, so we must change btoc(x) to
howmany(x, ctrlr->page_size) to properly count the number of pages (in
the drive's world view) are needed for various calculations.

With these changes, we the nvme driver operates at production level load
for both host 4k and host 16k page size.

Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D34873

nvme: Prefer nvme_printf to printf when reporting formatting error

Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D34872

nvme: Further refinements in Host Memory Buffer Sizing

Host Memory Buffer units are a mix. For those in the identify structure,
the size is in 4kiB chunks. For specifying the buffer description,
though, they are in terms of the drive's MPS. Add comments to this
effect and change PAGE_SIZE to ctrlr->page_size where needed, as well as
correct a mistaken use of NVME_HPS_UNITS in 214df80a9cb3 as pointed out
by rpokala@ after the commit. No functional change is intended, as
page_size is still 4k which matches all current hosts' PAGE_SIZE, but to
support 16k pages on arm, we need to differentiate these two cases.

Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D34871

nvme: Remove NVME_MAX_XFER_SIZE, replace inline calculation

NVME_MAX_XFER_SIZE used to be a constant (back when MAXPHYS was a
constant) to denote the smaller of MAXPHYS or the largest PRP we could
encode with our prealloation scheme. However, it's no longer constant
since MAXPHYS varies at runtime. In addition, the actual maximum is now
based on the drive's currently in use page_size, which is also a runtime
expression. As such, remove the define and expand it inline in the one
place its used still in the tree.

Sponsored by: Netflix
Reviewed by: chuck
Differential Revision: https://reviews.freebsd.org/D34870

nvme: Use saved mps when initializing drive

Make sure we set the MPS we cached (currently the drives minimum mps) in
CC (Controller Configuration) when reinitializing the drive. It must
match the page_size that we're going to use. Also retire less specific
NVME_PAGE_SHIFT since it's now unused.

Sponsored by: Netflix
Reviewed by: chuck
Differential Revision: https://reviews.freebsd.org/D34869

nvme: Rename min_page_size to page_size and save mps

The Memory Page Size sets the basic unit of operation for the drive. We
currently set this to the drive's minimum page size, but we could set it
to any page size the drive supports in the future. Replace min_page_size
(it's now unused for that purpose) with page_size to reflect this and
cache the MPS we want to use. Use NVME_MPS_SHIFT to compute page_size.

Sponsored by: Netflix
Reviewed by: chuck
Differential Revision: https://reviews.freebsd.org/D34868

nvme: Base maximum data transfer size directly on MPSMIN in cap_hi

Calculate the maxmimum transfer size based on the MPSMIN we have in our
cached copy of cap_hi rather than using min_page_size in the controller.

Sponsored by: Netflix
Reviewed by: chuck
Differential Revision: https://reviews.freebsd.org/D34867

nvme: Fix old intel alignment size

The intel raid stripe alignment parameter is based on CAP.MPSMIN, so use
that directly now that we have it available.

Sponsored by: Netflix
Reviewed by: chuck
Differential Revision: https://reviews.freebsd.org/D34866

nvme: Define NVME_MPS_SHIFT

The memory page size (MPS) is expressed in terms of a 2^(number + 12)
and other items in the system inherit this. Create a define rather than
sprinkling 12 everywehere.

Sponsored by: Netflix
Reviewed by: chuck
Differential Revision: https://reviews.freebsd.org/D34865

acpica: Drop a local patch in favor of an upstream patch

Use ACPI_ERROR() instead of fprintf().

https://github.com/acpica/acpica/pull/768

fusefs: validate servers' error values

Formerly fusefs would pass up the stack any error value returned by the
fuse server.  However, some values aren't valid for userland, but have
special meanings within the kernel.  One of these, EJUSTRETURN, could
cause a kernel page fault if the server returned it in response to
FUSE_LOOKUP.  Fix by validating all errors returned by the server.

Also, fix a data lifetime bug in the FUSE_DESTROY test.

PR: 263220
Reported by: Robert Morris <rtm@lcs.mit.edu>
MFC after: 3 weeks
Sponsored by: Axcient
Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D34931

lpr: remove a.out binary detection

Since the first unattributed commit in 1981, lpr has attempted to
prevent users from printing executables (and in earlier versions
archives). Archive detection was lost in 1992 when lpr gained a
dependency on a.out.h. No corresponding support was added for ELF files
with the full transiation to ELF in 1998, but a.out support has been
dragged forward to and contaminated platforms that never supported
a.out.

While this feature isn't unuseful, preventing the printing of
a single file format we stopped producing ~20 years ago isn't worth
the costs (however minimal).

Reviewed by: gad, imp, emaste
Differential Revision: https://reviews.freebsd.org/D34901

ssh: correct version number (9.0)

Reported by: flo
Fixes: 87c1498d1a74 ("ssh: update to OpenSSH v9.0p1")
Sponsored by: The FreeBSD Foundation

LinuxKPI: 802.11: improve hw_scan

Initially we were using the IEs from ieee80211_probereq_ie() of net80211
and put them into the common_ies field. Start by manually building the
per-band and common IE parts as drivers put them back together.
This also involves allocating the req.ie as one buffer for all IEs over
all bands and setting req.ie_len correctly based on how many bytes we
put in.

Manually building per-band scan IEs we still use the net80211 routines
to add IEs to the buffer (mostly).

This is needed by Realtek drivers but will equally used by others.
Realtek would simply panic due to skbs being allocated with the wrong
length.

Longer-term this will help us, e.g., when not supporting VHT on 2Ghz
and we would have to do this anyway.

Sponsored by: The FreeBSD Foundation
MFC after: 3 days

LinuxKPI: 802.11: use an sx lock to protect the list of vifs

Use an sx lock to protect the list of vifs.  We could use the
linux mutex compat for this but our current implementation may
re-acquire the lock recursively so allow this.  The change is
mainly motivated by the fact that some callers may sleep in the
interator function called.  Recursiveness is needed because we
see find_sta_by_ifaddr() being called from an iterator function
from iterate_interfaces().

Sponsored by: The FreeBSD Foundation
MFC after: 3 days

LinuxKPI: 802.11: start adding rate control to ieee80211_tx_status()

Start adding rate control feedback in ieee80211_tx_status() in order
for net80211 to be able to report something back (which may not
yet be the view of the firmware). iwlwifi is reporting back an MSC 0
even with HT disabled (to be investigated) so we cannot (yet) use
the firmware/driver rate feedback directly.

Sponsored by: The FreeBSD Foundation
MFC after: 3 days

LinuxKPI: 802.11: implement ieee80211_probereq_get()

Implement ieee80211_probereq_get() needed by Realtek drivers.

Sponsored by: The FreeBSD Foundation
MFC after: 3 days

LinuxKPI: skbuff: start implementing skb_copy()

Implement skb_copy() with omissions of fragments and possibly other fields
for now. Should we hit frags at any point a log message will let us know.
For the few cases we need this currently this is enough.

Sponsored by: The FreeBSD Foundation
MFC after: 3 days

LinuxKPI: skbuff: dev_kfree_skb_irq() and improvements

While it is currently unclear if we will have to defer work in
dev_kfree_skb_irq() to call dev_kfree_skb().
We only have one caller which seems to be fine on FreeBSD by calling
it directly for now.

While here shortcut skb_put()/skb_put_data() saving us work if there
are no adjustments to do.
Also adjust the logging in skb_is_gso() to avoid getting spammed by it.

Sponsored by: The FreeBSD Foundation
MFC after: 3 days

Remove 12.x ABI compat for kernel dump ioctls

This code was marked gone_in(14), so it can now be removed.

The only consumer of this interface is dumpon(8). We do not maintain
strict backwards compatibility for this utility because a) it
can't/shouldn't be used from a jail or chroot and b) it is highly
specific interface unique to FreeBSD. The host's (presumably more
up-to-date) copy of dumpon(8) should be used to configure kernel dump
devices.

Reviewed by: markj, emaste
MFC after: never
Differential Revision: https://reviews.freebsd.org/D34914

Remove 11.x ABI compat for kernel dump ioctls

This code was marked gone_in(13), so its time has passed.

The only consumer of this interface is dumpon(8). We do not maintain
strict backwards compatibility for this utility because a) it
can't/shouldn't be used from a jail or chroot and b) it is highly
specific interface unique to FreeBSD. The host's (presumably more
up-to-date) copy of dumpon(8) should be used to configure kernel dump
devices.

Reviewed by: markj, emaste
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D34913

ssh: apply post-release patch from V_9_0 branch

upstream: clear io_want/io_ready flags at start of poll() cycle;

avoids plausible spin during rekeying if channel io_want flags are reused
across cycles. ok markus@ deraadt@

scp: switch to using the SFTP protocol by default

From upstream release notes https://www.openssh.com/txt/release-9.0

This release switches scp(1) from using the legacy scp/rcp protocol
to using the SFTP protocol by default.

Legacy scp/rcp performs wildcard expansion of remote filenames (e.g.
"scp host:* .") through the remote shell. This has the side effect of
requiring double quoting of shell meta-characters in file names
included on scp(1) command-lines, otherwise they could be interpreted
as shell commands on the remote side.

This creates one area of potential incompatibility: scp(1) when using
the SFTP protocol no longer requires this finicky and brittle quoting,
and attempts to use it may cause transfers to fail. We consider the
removal of the need for double-quoting shell characters in file names
to be a benefit and do not intend to introduce bug-compatibility for
legacy scp/rcp in scp(1) when using the SFTP protocol.

Another area of potential incompatibility relates to the use of remote
paths relative to other user's home directories, for example -
"scp host:~user/file /tmp". The SFTP protocol has no native way to
expand a ~user path. However, sftp-server(8) in OpenSSH 8.7 and later
support a protocol extension "expand-path@openssh.com" to support
this.

In case of incompatibility, the scp(1) client may be instructed to use
the legacy scp/rcp using the -O flag.

Relnotes: Yes
Sponsored by: The FreeBSD Foundation

ssh: update to OpenSSH v9.0p1

Release notes are available at https://www.openssh.com/txt/release-9.0

Some highlights:

* ssh(1), sshd(8): use the hybrid Streamlined NTRU Prime + x25519 key
   exchange method by default ("sntrup761x25519-sha512@openssh.com").
   The NTRU algorithm is believed to resist attacks enabled by future
   quantum computers and is paired with the X25519 ECDH key exchange
   (the previous default) as a backstop against any weaknesses in
   NTRU Prime that may be discovered in the future. The combination
   ensures that the hybrid exchange offers at least as good security
   as the status quo.

* sftp-server(8): support the "copy-data" extension to allow server-
   side copying of files/data, following the design in
   draft-ietf-secsh-filexfer-extensions-00. bz2948

* sftp(1): add a "cp" command to allow the sftp client to perform
   server-side file copies.

This commit excludes the scp(1) change to use the SFTP protocol by
default; that change will immediately follow.

MFC after: 1 month
Relnotes: Yes
Sponsored by: The FreeBSD Foundation

etc/mtree: Remove tabs

libsysdecode: Add regression tests for sysdecode_cap_rights(3)

Reviewed by: jhb, emaste
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D34900

libsysdecode: Include required headers in sysdecode.h

Make sysdecode.h self-contained rather than forcing all consumers to
include dependencies. No functional change intended.

Reviewed by: pauamma_gundo.com, jhb, emaste
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D34899

diff3: allow diff3 ed scripts to generate deletions

diff3 with the -e (ed script flag) can generate line deletions, add
support for deletions and add a test case to exercise this behaviour.
This functionality was unearthed through comparison of bsd diff3 and gnu
diff3 output.

Reviewed by: pstef
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D34912

Revert rest of a5970a529c2d95271: use vrefact() when working on fp->f_vnode

Now, since O_PATH-opened file descriptors use use references instead
of the hold references, vrefact() chahges from that revision can be
reverted.

Reviewed by: markj
Tested by: pho
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D34906

sctp: don't keep a pointer to a freed stcb around

Reported by: syzbot+b9ef06efdae7cb9ee414@syzkaller.appspotmail.com
Reported by: syzbot+b1e4793e0e6b25b0d510@syzkaller.appspotmail.com
MFC after: 3 days

sctp: improve locking

Hold a refcount while giving up an stcp lock. This issue was
found by running syzkaller.

MFC after: 3 days

nfscl: Clean up the code by removing unused arguments

The "void *stuff" (also called fstuff and dstuff) argument
was used by the Mac OSX port. For FreeBSD, this argument
is always NULL, so remove it to clean up the code.

This commit gets rid of "stuff" for nfscl_nget().
Future commits will do the same for other functions.

cxgbetool(8): User interface to round-robin queue selection via COP.

Queue "roundrobin" in a COP rule means the driver should select queues
for new tids in a round-robin manner.

Reviewed by: jhb@
MFC after: 1 week
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D34922

cxgbe/t4_tom: Support for round-robin selection of offload queues.

A COP (Connection Offload Policy) rule can now specify that the tx
and/or rx queue for a new tid should be selected in a round-robin
manner. There is no change in default behavior.

Reviewed by: jhb@
MFC after: 1 week
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D34921

cxgbe(4): Add support for PPOD_EDRAM feature.

The driver queries the firmware to find out if it supports this feature
and enables it if it does. The firmware moves the iSCSI page pod region
to a lower address so that some of it is located in the faster on-chip
memory instead of external DDR.

Reviewed by: jhb@
MFC after: 3 weeks
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D34895

tcp: adding a functionality to define "trace points" so that BB logging can be enabled at specific events.

This commit will add a new concept to rack, tracepoints. A tracepoint
is a defined point inserted into the code (3 are included in this initial patch) that
allows a developer to insert a point that might be of interest. The developer numbers
the point in the tcp_rack.h file and then can use sysctl to enable that (or all) trace
points. A limit is also given to how many BB logged connections will turn on
so that a box is not overrun by BB logging.

Reviewed by: tuexen
Sponsored by: Netflix Inc.
Differential Revision: https://reviews.freebsd.org/D34898

tcp - hpts timing is off when we are above 1200 connections.

HPTS timing begins to go off when we reach the threshold of connections (1200 by default)
where we have any returning syscall or LRO stop finding the oldest hpts thread that
has not run but instead using the CPU it is on. This ends up causing quite a lot of times
where hpts threads may not run for extended periods of time. On top of all that which
causes heartburn if you are pacing in tcp, you also have the fact that where AMD's
podded L3 cache may have sets of 8 CPU's that share a L3, hpts is unaware of this
and thus on amd you can generate a lot of cache misses.

So to fix this we will get rid of the CPU mode, and always use oldest. But also make
HPTS aware of the CPU topology and keep the "oldest" to be within the same L3 cache.
This also works nicely for NUMA as well couple with Drew's earlier NUMA changes.

Reviewed by: glebius, gallatin, tuexen
Sponsored by: Netflix Inc.
Differential Revision: https://reviews.freebsd.org/D34916

sctp: cleanup

MFC after: 3 days

vm: Initialize the transient buffer mapping arena with M_WAITOK

The wait flag is passed to UMA when allocating boundary tags for the
initial span, and UMA expects either M_WAITOK or M_NOWAIT to be present.

Reported by: cperciva
MFC after: 1 week
Sponsored by: The FreeBSD Foundation

vm: Move the "vm_wait in early boot" assertion to the proper place

The assertion was added in commit 1771e987ca6a. After that, vm_wait()
and friends were refactored such that the actual sleep happens
elsewhere. Now the assertion condition is not checked when
vm_wait_doms() is called directly, and it is checked even if we are not
going to sleep (because vm_page_count_min_set(wdoms) is false).

Reviewed by: alc, kib
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D34909

sysent: regen after 52a1d90c8bfe, posix_fadvise in capmode

Allow posix_fadvise in capability mode

posix_fadvise operates only on a provided fd. Noted by
Mathieu <sigsys@gmail.com> in review D34761.

No new CAP_ rights are added for posix_fadvise(), as 'advice' in
general only influences when I/O happens; the fd must have existing
CAP_ rights for actual data access.

Reviewed by: markj
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D34903

genet: fix problems with interface down/up

The genet interface did not resume operation correctly after doing
ifconfig down then up.  The down/reset procedure did not clear the
RUNNING flag, and did not reset enough of the hardware state.  This
patch is modeled on OpenBSD code, with a call to gen_reset added
to reset the controller completely.  Regularize the parameter to
gen_dma_disable() while here.

PR:             263091
Submitted by: jiahali@blackberry.com

pfctl: fix recursive printing of rules

When asked to print rules recursively, correctly recurse for anchors
included in pf.conf with "anchorname/*".

PR: 262590
Reviewed by: kp
MFC after: 3 weeks

Disable building kcov test on powerpcspe

It's also 32-bit and lacks support for the needed atomic operations.

Sponsored by: The FreeBSD Foundation

libedit: import version of 2022-04-11

It includes improvements in the libreadline compatibility and a change
from pstef@ which fixes filename autocompletion for strings like a\)b

libedit: import version 2022-04-11

update to 2022-03-22

wpa: Correctly call pcap_next_ex()

The second argument to pcap_next_ex() is a pointer to a pointer.
Not a pointer. This fixes a wpa_supplicent SIGSEGV.

PR: 263266
Reported by: Marek Zarychta <zarychtam@plan-b.pwste.edu.pl>
Fixes: 6e5d01124fd4dd57899ddd9260c76dbb43543aa7
MFC: immediately

time(3): Refine history in the manual page

The time() system call first appeared in Version 1 AT&T UNIX. Through
the Version 3 AT&T UNIX, it returned 60 Hz ticks since an epoch that
changed occasionally, because it was a 32-bit value that overflowed in a
little over 2 years.

In Version 4 AT&T UNIX the granularity of the return value was reduced to
whole seconds, delaying the aforementioned overflow until 2038.

Version 7 AT&T UNIX introduced the ftime() system call, which returned
time at a millisecond level, though retained the gtime() system call
(exposed as time() in userland). time() could have been implemented as a
wrapper around ftime(), but that wasn't done.

4.1cBSD implemented a higher-precision time function gettimeofday() to
replace ftime() and reimplemented time() in terms of that.

Since FreeBSD 9 the implementation of time() uses
clock_gettime(CLOCK_SECOND) instead of gettimeofday() for performance
reasons.

With most valuable input from Warner (imp@).

Reviewed by: 0mp, jilles, imp
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D34751

cxgbe(4): Fix control flow issues reported by Coverity.

CID 1487932: Control flow issues (NESTING_INDENT_MISMATCH).
The macro on this line expands into multiple statements, only the first
of which is nested within the preceding parent while the rest are not.
9828 ulp_region(RX_TLS_KEY);

Reported by: Coverity (CID 1487932)
Fixes: f88b31885c4 cxgbe(4): meminfo should get the TLS region's limits from the hardware.
MFC after: 3 days
Sponsored by: Chelsio Communications

Revert "drm2: Fix a typo in a source code comment"

This reverts commit 5158cf0a382eb9079e1851f86293f37a1cf25f5b.

stress2: Permanently disable disruptive tests

Mostly revert a5970a529c2d95271: Make files opened with O_PATH to not block non-forced unmount

Problem is that open(O_PATH) on nullfs -o nocache is broken then,
because there is no reference on the vnode after the open syscall exits.

Reported and tested by: ambrisko
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week

powerpc mpc85xx: Remove unused variables.

powerpc: Use __diagused for variables only used in KASSERT().

ad7417: Avoid an unused but set warning when compiled with NO_SYSCTL_DESCR.

Use a ternary operator for the description string passed to
SYSCTL_ADD_PROC instead of a helper variable.

dpaa: Remove unused variables.

divert_packet: ip is only used for SCTP.

in_pcballoc: error is only used for IPSEC or MAC.

kern: Move variables only used for MAC under #ifdef MAC.

riscv: Use __diagused for variables only used in KASSERT().